SafetyNet API

The SafetyNet API [1] consists of several application programming interfaces (APIs) offered by Google Play Services to support security-sensitive applications, such as DRM. Currently, these APIs include device integrity verification, app verification, reCAPTCHA and web address verification.

Attestation

The SafetyNet Attestation API, [2] one of the APIs under the SafetyNet umbrella, provides verification that the integrity of the device is not compromised. [3] [4] [5] In practice, non-official ROMs such as LineageOS fail the hardware attestation, which prevents users from running a pure Android implementation (without Google services) while still being able to use third-party apps (mainly banking apps). Because of this, some consider it a monopolistic practice that deters competing mobile operating systems from entering the market. [6]

The SafetyNet Attestation API (one of the four APIs under the SafetyNet umbrella) has been deprecated. [7] As of 6 October 2023, Google expects to fully replace it with the Play Integrity API by the end of January 2025. [7] [8] Like the SafetyNet APIs, the Play Integrity API is offered by Google Services and thus is not available on free Android environments (AOSP). Therefore, apps that require the API to be available may refuse to execute on AOSP builds.

Related Research Articles

A software development kit (SDK) is a collection of software development tools in one installable package. They facilitate the creation of applications by having a compiler, debugger and sometimes a software framework. They are normally specific to a hardware platform and operating system combination. To create applications with advanced functionalities such as advertisements, push notifications, etc., most application software developers use specific software development kits.

Android is a mobile operating system based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance, though its most widely used version is primarily developed by Google. It was unveiled in November 2007, with the first commercial Android device, the HTC Dream, being launched in September 2008.

Rooting is the process by which users of Android devices can attain privileged control over various subsystems of the device, usually smartphones. Because Android is based on a modified version of the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.

Android Beam: Former Android OS feature

Android Beam is a discontinued feature of the Android mobile operating system that allowed data to be transferred via near field communication (NFC). It allowed the rapid short-range exchange of web bookmarks, contact info, directions, YouTube videos, and other data. Android Beam was introduced in 2011 with Android Ice Cream Sandwich. This was improved after Google acquired Bump. By 2017, ComputerWorld included Android Beam in a list of "once-trumpeted features that quietly faded away", observing that "despite the admirable marketing effort, Beam never quite worked particularly well, and numerous other systems for sharing stuff proved to be simpler and more reliable."

Android Cloud to Device Messaging: Defunct mobile notification service

Android Cloud to Device Messaging, or C2DM, is a defunct mobile notification service that was developed by Google and replaced by the Google Cloud Messaging service. It enabled developers to send data from servers to Android applications and Chrome extensions. C2DM originally launched in 2010 and was available beginning with version 2.2 of Android. On June 27, 2012, Google unveiled the Google Cloud Messaging service aimed at replacing C2DM, citing improvements to authentication and delivery, new API endpoints and messaging parameters, and the removal of API rate limits and maximum message sizes. Google announced official deprecation of the C2DM service in August 2012, and released documentation to assist developers with migrating to the new service. The C2DM service was discontinued for existing applications and completely shut down on October 20, 2015.

Android Jelly Bean: Tenth version of the Android operating system

Android Jelly Bean is the codename given to the tenth version of the Android mobile operating system developed by Google, spanning three major point releases. Among the devices that run Android 4.1 to 4.3 are the Nexus 7 (2012), Nexus 4, Nexus 10, Nexus 7 (2013), and Hyundai Play X.

Google Cloud Messaging: Mobile notification service

Google Cloud Messaging (GCM) was a mobile notification service developed by Google that enabled third-party application developers to send notification data or information from developer-run servers to applications that target the Google Android Operating System, as well as applications or extensions developed for the Google Chrome internet browser. It was available to developers free of charge. The GCM Service was first announced in June 2012 as a successor to Google's now-defunct Android Cloud to Device Messaging (C2DM) service, citing improvements to authentication and delivery, new API endpoints and messaging parameters, and the removal of limitations on API send-rates and message sizes. It was superseded by Google's Firebase Cloud Messaging (FCM) on May 29, 2019.

Samsung Knox is a proprietary security and management framework pre-installed on most Samsung mobile devices. Its primary purpose is to provide organizations with a toolset for managing work devices, such as employee mobile phones or interactive kiosks. Samsung Galaxy hardware, as well as software such as Secure Folder and Samsung Wallet, make use of the Knox framework.

A trusted execution environment (TEE) is a secure area of a main processor. It helps code and data loaded inside it to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes described in SGX. This is done by implementing unique, immutable, and confidential architectural security such as Intel Software Guard Extensions which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).

Android KitKat: Eleventh version of the Android operating system

Android KitKat is the codename for the eleventh Android mobile operating system, representing release version 4.4. Unveiled on September 3, 2013, KitKat focused primarily on optimizing the operating system for improved performance on entry-level devices with limited resources. The first phone with Android KitKat was the Nexus 5.

Google Play Services is a proprietary software package produced by Google for installation on Android devices. It consists of background services and libraries for use by mobile apps running on the device. When it was introduced in 2012, it provided access to the Google+ APIs and OAuth 2.0. It expanded to cover a variety of Google services, allowing applications to communicate with the services through common means.

Google Mobile Services: Google's proprietary software bundle on the Android platform

Google Mobile Services (GMS) is a collection of proprietary applications and application programming interfaces (APIs) services from Google that are typically pre-installed on Android devices, such as smartphones, tablets, and smart TVs. GMS is not a part of the Android Open Source Project (AOSP), which means an Android manufacturer needs to obtain a license from Google in order to legally pre-install GMS on an Android device. This license is provided by Google without any licensing fees except in the EU.

Android Lollipop: Fifth major version of the Android operating system

Android Lollipop is the fifth major version of the Android mobile operating system developed by Google and the 12th version of Android, spanning versions between 5.0 and 5.1.1. Unveiled on June 25, 2014 at the Google I/O 2014 conference, it became available through official over-the-air (OTA) updates on November 12, 2014, for select devices that run distributions of Android serviced by Google. Its source code was made available on November 3, 2014. The first phone with Android Lollipop was the Nexus 6.

Android Marshmallow is the sixth major version of the Android operating system developed by Google, being the successor to Android Lollipop. It was announced at Google I/O on May 28, 2015, and released the same day as a beta, before being officially released on September 29, 2015. It was succeeded by Android Nougat on August 22, 2016.

LineageOS: Free and open-source operating system based on Android

LineageOS is an Android-based operating system for smartphones, tablet computers, and set-top boxes, with mostly free and open-source software. It is the successor to CyanogenMod, from which it was forked in December 2016, when Cyanogen Inc. announced it was discontinuing development and shut down the infrastructure behind the project. Since Cyanogen Inc. retained the rights to the Cyanogen name, the project rebranded its fork as LineageOS.

Android Oreo: Eighth major version of the Android mobile operating system

Android Oreo is the eighth major release and the 15th version of the Android mobile operating system. It was initially unveiled as an alpha quality developer preview in March 2017 and later made available to the public, on August 21, 2017.

Android 10: Tenth major version of the Android mobile operating system

Android 10 is the tenth major release and the 17th version of the Android mobile operating system. It was first released as a developer preview on March 13, 2019, and was released publicly on September 3, 2019.

HarmonyOS: Distributed operating system by Huawei

HarmonyOS (HMOS) is a distributed operating system developed by Huawei for smartphones, tablets, smart TVs, smart watches, personal computers and other smart devices. It has a multikernel design with dual frameworks: the operating system selects suitable kernels from the abstraction layer in the case of devices that use diverse resources. The operating system was officially launched by Huawei in August 2019.

Umar Javeed, Sukarma Thapar, Aaqib Javeed vs. Google LLC and Ors. is a 2019 court case in which Google and Google India Private Limited were accused of abuse of dominance in the Android operating system in India. The Competition Commission of India found that Google abused its dominant position by requiring device manufacturers wishing to pre-install apps to adhere to a compatibility standard on Android.

The version history of the HarmonyOS distributed operating system began with the public release of the HarmonyOS 1.0 for Honor Vision smart TVs on August 9, 2019. The first commercial version of the IoT based operating system, HarmonyOS 2.0, was released on June 2, 2021 for phones, tablets, smartwatches, smart speakers, routers, and internet of things. Beforehand, DevEco Studio, the HarmonyOS app development IDE, was released in September 2020 together with the HarmonyOS 2.0 Beta. HarmonyOS is developed by Huawei. New major releases are announced at the Huawei Developers Conference (HDC) in the fourth quarter of each year together with the first public beta version of the operating system's next major version. The next major stable version is then released in the third to fourth quarter of the following year.

References

  1. "SafetyNet Overview". Android Developers.
  2. "SafetyNet Attestation API". Android Developers.
  3. Hoffman, Chris (4 February 2016). "SafetyNet Explained: Why Android Pay and Other Apps Don't Work on Rooted Devices". How-To Geek. Retrieved 2021-09-11.
  4. "Google's dreaded SafetyNet hardware check has been spotted in the wild". Android Police. 2020-06-29. Retrieved 2021-09-11.
  5. Ibrahim, Muhammad; Imran, Abdullah; Bianchi, Antonio (2021-06-24). "SafetyNOT". Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services. Virtual Event Wisconsin: ACM. pp. 150–162. doi:10.1145/3458864.3466627. ISBN 978-1-4503-8443-8.
  6. Schwab, Andreas; Echeverria, Pablo Arias (24 March 2022). "Time to restore fairness and contestability in digital markets". www.euractiv.com.
  7. "SafetyNet Deprecation Timeline". Android Developers. Retrieved 2023-10-06.
  8. "Migrating from the SafetyNet Attestation API | Google Play". Android Developers.